|
277871
|
- |
|
apple
|
iphone_os
mac_os_x
|
CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
|
CWE-20
Improper Input Validation
|
CVE-2015-1088
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277872
|
- |
|
apple
|
iphone_os
|
Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path.
|
CWE-22
Path Traversal
|
CVE-2015-1087
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277873
|
- |
|
apple
|
tvos
iphone_os
|
The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context …
|
CWE-20
Improper Input Validation
|
CVE-2015-1086
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277874
|
- |
|
apple
|
iphone_os
|
AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-1085
|
2024-11-21 11:24 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277875
|
- |
|
qualiteam
|
x-cart
|
X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0951
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277876
|
- |
|
qualiteam
|
x-cart
|
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0950
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277877
|
- |
|
antlabs
|
inngate_ig_3.10_g
inngate_ig_3.10_e
inngate_ig_3.00_e
inngate_ig_3.01_e
inngate_ig_3100
inngate_ig_3101
inngate_ig_3.02_e
|
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0932
|
2024-11-21 11:24 |
2015-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277878
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack.
|
CWE-255
Credentials Management
|
CVE-2015-0995
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277879
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests.
|
CWE-254
7PK - Security Features
|
CVE-2015-0994
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277880
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
|
CWE-254
7PK - Security Features
|
CVE-2015-0993
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
